Robust Spectrum Decision Protocol against Primary
User Emulation Attacks in Dynamic Spectrum
Access Networks
Z. Jin, S. Anand and K. P. Subbalakshmi
Department of Electrical and Computer Engineering
Stevens Institute of Technology, New Jersey, USA
Email: {zjin, asanthan, ksubbala}@stevens.edu
Abstract— We propose a spectrum decision protocol resilient
to primary user emulation attacks (PUEA) in dynamic spectrum
access networks. PUEA is a type of denial-of-service attack that
can severely interfere with the spectrum sensing process and
unfairly deprive legitimate secondary users of spectrum access.
In this paper, we present a robust spectrum decision protocol
that can mitigate PUEA using individual spectrum decisions
made by secondary nodes in the network. In order to enable
each secondary node to make an individual spectrum decision to
detect PUEA, we first characterize the received power at good
secondary user. This is done by using a flexible log-normal sum
approximation. The received power thus characterized is used to
determine the probability of successful PUEA on each secondary
user, which is used to develop the proposed protocol. Simulation
results demonstrate that the proposed protocol can significantly
reduce the probability of successful PUEA under Byzantine
attacks (i.e., when the malicious users intentionally provide false
spectrum decisions), while still following the spectrum evacuation
etiquette.
Keywords –
Dynamic spectrum access (DSA), primary user emulation
attack (PUEA), spectrum decision protocol
I. I NTRODUCTION
Dynamic spectrum access (DSA) networks have received
extensive attention recently because of their ability to better
serve the growing bandwidth demands of the users. This
is achieved by allowing unlicensed “secondary users” to
access spectrum bands when the licensed “primary users”
do not use these bands. Secondary users continuously sense
the spectrum and follow a spectrum evacuation etiquette to
evacuate the band, upon the return of the primary user. This
spectrum evacuation protocol, however, can be manipulated
by malicious users, by tricking the system into believing that
there is a primary user, when none is present. This can be
done in various ways, one of which is to emulate the signal
characteristics of the primary. Thus, the good secondary users
following the normal spectrum evacuation process evacuate the
spectrum unnecessarily, leading to what is known as primary
user emulation attack (PUEA) [1].
Several methods exist to thwart PUEA and can be classified into location aware [2] and location unaware techniques [3],[4]. Typically, location aware techniques involve
significant infrastructure overhead like a dedicated sensor
network to determine the locations of transmitters [2]. We
recently proposed a Wald’s sequential probability ratio test
for individual secondary users to detect PUEA in [3] and
extended the analysis in [4] to include a Neyman-Pearson
composite hypothesis test as an alternative. The network
may also use a centralized decision rule (where individual
secondaries transmit data concerning primary activity to a
centralized controller1 which then makes the final decision
on PUEA’s presence) or operate in a non-centralized manner
(where each secondary user makes its own decision about the
presence of PUEA) to detect PUEA. If designed well, the
probability of successful PUEA can be significantly reduced
in the centralized model.
In this paper, we propose a robust spectrum decision protocol for DSA networks with centralized controller which uses
the individual sensing results of secondary users to make the
final spectrum decision for the entire network. We first use
a flexible log-normal sum approximation to characterize the
received power at good secondary user. We then propose an
individual detection mechanism for secondary users to achieve
individual sensing results. The probability of successful PUEA
at each good user is then derived to analyze the effect of
PUEA on the whole network, in terms of the number of good
users successfully attacked by the malicious users. A robust
spectrum decision protocol, in which a centralized controller
collects individual sensing results from secondary users and
makes the final spectrum decision for the entire network, is
then developed to defend the network against PUEA. We
also take into account that in addition to launching PUEA,
malicious users could also launch Byzantine attacks [5] by
sending false sensing results to the centralized controller. We
show by simulations that the proposed protocol can effectively
mitigate PUEA under Byzantine attacks while still following
the spectrum evacuation etiquette.
The rest of the paper is organized as follows. In Section II,
we present the system model. In Section III, we propose the
robust spectrum decision protocol that is resilient to PUEA.
Numerical results are presented in Section IV. Section V
provides the conclusion.
1 The centralized controller can be, e.g., a base station in IEEE 802.22
WRANs, or a trustworthy secondary user in ad-hoc DSA networks.
II. S YSTEM M ODEL
We consider a scenario where all secondary users, i.e., all
the good users and the malicious users, are distributed in a
square grid as shown in Fig. 1. A primary user is located at
a distance dp from the center of the square grid. Spectrum
sensing of secondary user is based on energy detection,
i.e., a secondary user compares its received power to some
pre-defined thresholds. If the received power is below the
detection sensitivity, then the spectrum band is considered to
be vacant. Otherwise, the spectrum band could contain the
signal transmitted by the primary transmitter, or the signal
transmitted by the set of malicious users with the intent to
launch PUEA. The good users, then have to determine whether
the current transmission is from the primary user or from the
malicious users.
Our objective in this paper is two fold.
1) Develop a detection mechanism to enable each individual node to make a spectrum decision (i.e., determine
whether the received signal is from the primary transmitter or PUEA).
2) Develop a centralized spectrum decision protocol, in
which a centralized controller gathers the spectrum
decisions made by each secondary node, to perform a
common spectrum decision for all the nodes, to detect
PUEA.
In order to achieve objective 1) mentioned above, it is desired
to analyze the received power at each secondary node, due
to transmission by the primary transmitter, as well as due to
transmission by the malicious users. The following assumptions are made to carry out our analysis.
5) The path loss exponent for the propagation from the
primary user to any good user is 2 while that from any
malicious user to any good user is 4 [4].
6) The RF signals also undergo log-normal shadowing. The
shadowing at any good user both from the primary user
and from any malicious user, denoted by G2p and G2m , are
2
log-normally
i.e., 10 log
distributed respectively,
10 Gp
2
2
2
∼ N 0, σp and 10 log10 Gm ∼ N 0, σm , where
N (µ, σ 2 ) denotes a normal distribution with mean µ
and variance σ 2 .
7) The Rayleigh fading is assumed to be averaged out and
can hence be ignored [4].
III. P ROTOCOL
TO
M ITIGATE P RIMARY U SER E MULATION
ATTACKS
Before developing the protocol resilient to PUEA, we
present the analysis to obtain the various parameters required
to develop the protocol. We first characterize the received
power at each good secondary user in Section III-A. We then
use this to obtain the probability density function (pdf) of the
received power in Section III-B. In Section III-C, an individual
detection mechanism for secondary users is proposed and its
effect on the entire network is studied. The parameters thus
determined are finally used to develop the protocol in Section
III-D.
A. Received Power at Good User
Since the primary user is usually far away from the
secondary network, its distance to any good user can be
approximated by dp . Thus the received power at any good
(p)
user from the primary, Pr , can be written as
L
Pr(p) = Pt (dp )−2 G2p .
For any good user, its received power from j
(m )
neighbor, Pr j , can be written as
dp
R0
Good Secondary User
Primary
Transmitter
Malicious Secondary User
Fig. 1. A dynamic spectrum access network with length L, consisting of
good secondary users and malicious secondary users. No malicious users are
present within a radius R0 about each good user. A primary transmitter is
located at a distance dp from the center of the grid.
1) There are Ng good users and Nm malicious users,
spatially Poisson distributed with parameters λg and λm ,
respectively, in a square grid of length L.
2) The positions of the good users and the malicious users
are statistically independent of each other.
3) For the ith good user located at (xi , yi ), no malicious
users are present within a circle of radius R0 centered
at (xi , yi ). R0 is the “exclusive distance from the secondary user” [4].
4) The primary user transmits at a power of Pt and the
malicious users transmit at a power of Pm .
(1)
th
malicious
−4 2
Pr(mj ) = Pm (dm
Gm ,
j )
(2)
th
where dm
j is the distance from the good user to its j
m
m
m
malicious neighbor (therefore, d1 ≤ d2 ≤ · · · ≤ dNm ). The
(m)
total received power from all Nm malicious users, Pr , can
be obtained as
Nm
X
Pr(m) =
Pr(mj ) .
(3)
j=1
Typically, the power received at a secondary user from its first
two malicious neighbors is much larger than the sum of the
power received from all the other malicious neighbors. This
m
is because, dm
j >> di , for j > 2 and i = 1, 2, and hence,
m −4
(dj ) , for j > 2, is negligible. Therefore, we only consider
the power received from the first two malicious neighbors.
(m)
Thus, Pr can be approximated by2
Pr(m) ≈ Pr(m1 ) + Pr(m2 ) ,
where
2 This
(m )
Pr 1
and
(m )
Pr 2
can be obtained from Eqn. (2).
approximation will be justified in Fig. 2 in Section IV.
(4)
Since the good users and the malicious users are both spatially Poisson distributed, and their locations are independent
of each other, all N = Ng + Nm secondaries including both
good and malicious users are also spatially Poisson distributed
with parameter λ = λg + λm . The pdf of the distance between
any good user and its nth neighbor, dn , is given by ([6],
Theorem 1)
n
2
fn (dn ) = e−λπdn
2(λπd2n )
,
dn Γ(n)
(5)
where Γ(·) is the generalized Gamma function. From Eqn. (3),
the total received power from all Nm malicious users depends
−4
on (dm
, ∀ j, which, in turn, is determined by the location
j )
of the good user and the location of the malicious user. Since
(m)
all locations are random, computation of Pr
is complex.
−4
Therefore, we use E[(dm
] to simplify analysis. Since
j )
the positions of the secondary users (good and malicious)
are independent, the j th malicious neighbor of a good user
is the nth neighbor (j ≤ n ≤ N − 1) with probability
λ j λg n−j
n−1
−4
m
. Therefore, E[(dm
] is given by
j )
j−1
λ
λ
N−1
−4
E[(dm
]=
j )
X
n=j
E[(dn )−4 ]
n − 1
j−1
λ j λ n−j
m
λ
g
λ
,
(6)
which can be further simplified by approximating N by E[N ].
In Eqn. (6), E[(dn )−4 ] can be obtained by using Eqn. (5).
(m )
Pr j is thus obtained by substituting Eqn. (6) in Eqn. (2),
(m)
and then Pr
can be calculated from Eqn. (4).
B. Probability Density Function of Received Power
(p)
Since dp and
Pt are fixed, Pr is log-normally distributed,
(p)
i.e., 10 log10 Pr
∼ N µp , σp2 , where µp is given by
µp = 10 log10 (Pt ) − 20 log10 (dp ) .
(7)
−4
Similarly, conditioned on E[(dm
] and Pm , every term of
j )
the right hand side of Eqn. (3) is also log-normally distributed,
(m)
thus, Pr
can be approximated as a log-normal random
(m)
variable (RV). To compute the statistical parameters of Pr ,
we adopt the flexible log-normal sum approximation method
proposed by Wu et al in [7]. Thus, conditioned on the distance
(m )
to the 1st malicious neighbor
and Pm , Pr 1 is log-normally
(m1 )
2
∼ N µm1 , σm
. Since the
distributed, i.e., 10 log10 Pr
st
distance to the 1 malicious neighbor is approximated by
−4
E[(dm
], µm1 is given by
1 )
−4
µm1 = 10 log10 (Pm ) + 10 log10 E[(dm
] .
(8)
1 )
(m )
2
Similarly, 10 log10 Pr 2 ∼ N µm2 , σm
, where µm2 is
given by
−4
µm2 = 10 log10 (Pm ) + 10 log10 E[(dm
] .
(9)
2 )
(m)
Pr
is then modeled as a log-normal RV, i.e.,
(m)
2
10 log10 Pr
∼ N µM , σM
. The expressions for
µm1 and µm2 in Eqns. (8) and (9) are used to compute µM
and σM by using the technique described in [7].
C. Individual Detection Mechanism for Good User
Currently, no policy on spectrum sensing has incorporated
any counter-measure to PUEA. This however, is not recommended for good users to sense the primary transmission (i.e.,
based only on the detection sensitivity), because even a small
number of malicious users can transmit enough power to make
the received power at good user exceed the detection sensitivity (usually -94dBm), thus resulting in successful PUEA all
the time. In this subsection, we propose an individual detection
mechanism for good user, with the goal of achieving moderate
PUEA resilience while not compromising the sensitivity required to detect the return of the primary user. The proposed
detection mechanism is then incorporated into the spectrum
decision protocol that will be proposed in Section III-D, to
further mitigate PUEA.
(p)
Since 10 log10 Pr ∼ N (µp , σp2 ) with µp given by Eqn. (7),
we propose to use the empirical rule of normal distribution to
detect the primary user, which is as follows. The received
power from the primary user represented in decibels (dB),
(p)
(p)
Pr (dB), is most likely to satisfy µp − 3σp ≤ Pr (dB) ≤
µp + 3σp . Therefore, by setting the detection thresholds as
µp − 3σp and µp + 3σp , the probability of missing the primary
(i.e., failing to detect the presence of primary user), pmiss , is
given by
n
o
pmiss = 1 − Pr µp − 3σp ≤ Pr(p) (dB) ≤ µp + 3σp
=
=
1 − Q (−3) + Q (3)
0.002701,
(10)
where
Q-function defined by Q(x) =
Z ∞Q(·) is 2the
t
√1
exp −
dt. Thus, the probability of successful
2π
2
x
PUEA, pPUEA , is given by
n
o
pPUEA = Pr µp − 3σp ≤ Pr(m) (dB) ≤ µp + 3σp
µp − 3σp − µM
= Q
σM
µp + 3σp − µM
−Q
.
(11)
σM
Let K denote the number of good users attacked by the
malicious users and K ′ denote the number of good users that
miss the primary. Since the probability of successful PUEA
on any good user is independent of that on any other good
user and the number of good users is a Poisson RV, the set of
attacked users can be obtained by splitting the number of good
users, Ng , according to a Bernoulli process with probability
of success, pPUEA . Thus K is a Poisson RV with parameter
E[Ng ]pPUEA . Similarly, K ′ is a Poisson RV with parameter
E[Ng ]pmiss . Hence, the expected number of attacked users,
2
µK , and the variance of the number of attacked users, σK
,
are given by
2
µK = σK
= E [Ng ] pPUEA .
(12)
Similarly, the expected number of good users missing the
primary, µK ′ , and the variance of the number of good users
N −N
The values of µK , σK , µK ′ and σK ′ can be used to obtain
a spectrum decision protocol to mitigate PUEA, as will be
explained in the following subsection.
D. Spectrum Decision Protocol against Primary User Emulation Attacks
We now develop the spectrum decision protocol resilient to
PUEA, in which a centralized controller obtains the individual spectrum decisions made according to the discussion in
Section III-C, from all the secondary users. The basic idea
behind the protocol is as follows. From the values of µK and
σK given by Eqn. (12), it is possible to estimate the number of
secondary users who sense primary transmission when PUEA
is launched. This set of users also includes the malicious
users who launch Byzantine attacks, i.e., spuriously claim
primary transmission while launching PUEA. Similarly, from
µK ′ and σK ′ given by Eqn. (13), we can estimate the number
of secondary users who would successfully detect primary
transmission when the primary user transmits. It is noted that
when primary transmission takes place, the malicious users do
not gain anything by launching Byzantine attacks and hence,
will provide correct information to the centralized controller.
Since the individual detection mechanism detects PUEA to
some extent and hardly misses the primary user, one can expect
more users claiming primary transmission when the primary
user transmits than when PUEA is launched. Therefore by
setting appropriate thresholds on the number of users whose
individual detection indicates primary transmission, the centralized controller can mitigate PUEA. The detailed description
of the protocol is as follows.
1) Each individual secondary user senses the spectrum and
sends its sensing result to the centralized controller
based on the individual detection mechanism proposed
in Section III-C, i.e.,
a) if the received power in dB is in the range
[µp − 3σp , µp + 3σp ], the secondary user claims
that the primary transmission is detected,
b) else, it claims that PUEA is detected.
2) The centralized controller determines whether the ongoing transmission is from the primary user or due to
PUEA, based on the following criteria,
a) if the number of sensing results claiming primary
transmission, denoted by Np , is greater than Nu =
E [Ng ]−⌈µK ′ ⌉−⌈AσK ′ ⌉+E [Nm ], the centralized
controller determines that the transmission is from
the primary user,
b) else if Np < Nl = ⌈µK ⌉ + ⌈BσK ⌉ + E [Nm ],
the centralized controller decides that the malicious
users are launching PUEA,
c) else (i.e., when Nl ≤ Np ≤ Nu ), the centralized controller concludes primary transmission
IV. N UMERICAL R ESULTS
The values of the system parameters used in simulations are
listed in Table I.
Parameter
dp
L
E [Ng ]
R0
A
Value
100 Km
2000 m
200
30 m
3
Parameter
Pt
Pm
σp
σm
B
Value
100 KW
4W
8 dB
5.5 dB
1
TABLE I
VALUES OF PARAMETERS USED IN SIMULATIONS .
Fig. 2 shows the comparison of the received power at any
good user from its first two malicious neighbors and that
from all the other malicious neighbors. It can be seen that the
received power from the first two malicious neighbors is about
one to three orders of magnitude greater than that from all the
other malicious neighbors, thus justifying the approximation
in Eqn. (4).
−3
10
(mW)
(13)
(m)
2
µK ′ = σK
′ = E [Ng ] pmiss .
with probability Nup −Nll or PUEA with probability
Nu −Np
Nu −Nl .
3) After the good users receive the spectrum decision sent
by the centralized controller, they
a) vacate the spectrum if the centralized controller
decides that it is primary transmission,
b) else, continue using the spectrum if the centralized
controller decides that it is PUEA.
The values of A and B are chosen to reduce the gap between
Nu and Nl , and to maintain Nu > Nl . The choice of the
actual values is empirical.
Received power from malicious users, Pr
2
missing the primary, σK
′ , are given by
−4
10
−5
10
−6
10
Theoretical, 1st two
Experimental, 1st two
Theoretical, all others
Experimental, all others
−7
10
10
20
30
40
50
60
70
80
Average number of malicious users, E[Nm]
90
100
Fig. 2.
Comparison of received power at good user from its first two
malicious neighbors, and that from all the other malicious neighbors.
Fig. 3 presents the detection error in terms of the probability
of successful PUEA and the probability of missing the primary
user when good users make individual spectrum decisions,
based on the detection mechanism proposed in Section III-C.
It is observed that the theoretical results closely follow the
experimental results, thus validating the analysis presented in
Sections III-A, III-B and III-C. It can be seen from Fig. 3(a)
that although sometimes PUEA may be detected easily by
some individual nodes, by deploying the proposed individual
0
10
Probability of successful PUEA, pPUEA
detection mechanism, the network as a whole, still suffers with
the probability of successful PUEA as high as about 0.7. This
brings forth, the need for additional security enhancements to
further mitigate PUEA. It can also be seen that the probability
of successful PUEA increases as the number of malicious users
increases, indicating that more good users will be attacked if
the malicious users accumulate more transmitting power. Note
that in Fig. 3(b), the probability of missing the primary user
is fixed, which follows from Eqn. (10).
−1
10
−2
10
−3
10
−4
10
Protocol
Individual
−5
10
10
Theoretical
Experimental
−2
10
20
30
40
50
60
70
80
Average number of malicious users, E[Nm]
90
100
(a) Probability of successful
PUEA.
30
40
50
60
70
80
Average number of malicious users, E[Nm]
90
100
(a) Probability of successful PUEA.
−2.5
10
−2.6
10
0
10
Theoretical
Experimental
−2.7
10
10
20
30
40
50
60
70
80
Average number of malicious users, E[Nm]
90
100
(b) Probability of missing the
primary.
Fig. 3.
Detection error when good users use the individual detection
mechanism proposed in Section III-C.
Probability of missing primary user, pmiss
Probability of missing primary user, pmiss
Probability of successful PUEA, pPUEA
20
10
−1
10
10
−2.4
0
10
−1
10
−2
10
−3
10
−4
10
Protocol
Individual
Fig. 4 presents the comparison on detection error between
the protocol described in Section III-D and the individual detection mechanism proposed in Section III-C, under Byzantine
attacks. From Fig. 4(a) we observe that the probability of
successful PUEA can be significantly reduced after implementing the proposed protocol. For example, for E[Nm ] = 50,
the proposed protocol results in a probability of successful
PUEA of 1.6 × 10−4 , as against the probability of 0.4 if
nodes rely only on the individual detection mechanism. For
E[Nm ] = 100, a reduction of 66.5% on the probability of
successful PUEA can be achieved when the proposed protocol
is used. It is also shown in Fig. 4(b) that although the proposed
protocol results in a higher probability of missing the primary
user, the actual values of the probability never exceed 0.01.
Therefore, the proposed protocol can successfully defend the
network against PUEA in the presence of Byzantine attacks
while still following the spectrum evacuation etiquette.
V. C ONCLUSION
We presented a centralized spectrum decision protocol for
mitigating PUEA in DSA networks. The proposed protocol
made use of the individual spectrum decision made by each
secondary user. The individual spectrum decision was obtained
by characterizing the received power at good secondary user
through a flexible log-normal sum approximation method.
The proposed protocol was resilient to PUEA and resulted
in a significantly reduced probability of successful PUEA in
the presence of Byzantine attacks, while still following the
spectrum evacuation etiquette. The extension of the proposed
idea to obtain distributed spectrum decision protocols, is under
investigation.
10
20
30
40
50
60
70
80
Average number of malicious users, E[Nm]
90
100
(b) Probability of missing the primary.
Fig. 4. Comparison on detection error between the protocol described in
Section III-D and the individual detection mechanism proposed in Section IIIC, under Byzantine attacks.
ACKNOWLEDGMENT
This research was partially funded by NSF # 0917008 and
NSF # 0916180 and partially funded by 2009-92667-NJ-IJ.
R EFERENCES
[1] R. Chen and J. M. Park, “Ensuring trustworthy spectrum sensing in
cognitive radio networks,” Proc., IEEE Workshop on Networking Technol.
for Software Defined Radio Networks, pp. 110–119, Sep. 2006.
[2] R. Chen, J. M. Park, and J. H. Reed, “Defense against primary user
emulation attacks in cognitive radio networks,” IEEE Jl. on Sel. Areas
in Commun.: Spl. Issue on Cognitive Radio Theory and Applications,
vol. 26, no. 1, pp. 25–37, Jan. 2008.
[3] Z. Jin, S. Anand, and K. P. Subbalakshmi, “Detecting primary user
emulation attacks in dynamic spectrum access networks,” Proc., IEEE
Intl. Conf. on Commun. (ICC’2009), Jun. 2009.
[4] ——, “Mitigating primary user emulation attacks in dynamic spectrum
access networks using hypothesis testing,” ACM SIGMOBILE Mobile
Computing and Commun. Review, Spl. Issue on Cognitive Radio Technol.
and Sys., vol. 13, no. 2, pp. 74–85, April 2009.
[5] L. Lamport, R. Shostak, and M. Pease, “The Byzantine generals problem,”
ACM Trans. on Prog. Languages and Sys., vol. 4, no. 3, pp. 382–401,
Jul. 1982.
[6] M. Haenggi, “On distances in uniformly random networks,” IEEE Trans.
on Info. Theory, vol. 51, no. 10, pp. 3584–3586, Oct. 2005.
[7] J. Wu, N. B. Mehta, and J. Zhang, “A flexible lognormal sum approximation method,” Proc., IEEE Global Commun. Conf. (GLOBECOM’2005),
vol. 6, pp. 3413–3417, Dec. 2005.